I recently tried to extract a 200 GB ZIP file on Linux with a simple command:
unzip file-name.zip
and got the following error:
error: invalid zip file with overlapped components (possible zip bomb)
To unzip the file anyway, rerun the command with UNZIP_DISABLE_ZIPBOMB_DETECTION=TRUE environmnent variable
Solution to correctly extract a large ZIP file on Linux and bypass possible ZIP bomb protection
To unpack large ZIP files on Linux, the command should look like this:
export UNZIP_DISABLE_ZIPBOMB_DETECTION=TRUE; unzip file-name.zip
Replace file-name.zip with the name of the file you need to extract.
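This command disables unzip's ZIP bomb detection so that the large archive can be extracted. Because the variable is exported, detection stays disabled for every later unzip run in the same shell session until the variable is unset or the shell exits, so use it only for archives whose origin you trust.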
What is a ZIP bomb?
A ZIP bomb is a malicious archive file designed to crash or render useless the program or system reading it. It achieves this by exploiting the way compression algorithms work. Typically, a ZIP bomb is a small, seemingly harmless file that, when decompressed, expands into an enormous file or a large number of files, overwhelming the system’s resources and causing it to become unresponsive or crash.
The term “ZIP bomb” is derived from the popular ZIP compression format, but similar concepts can be applied to other archive formats as well. The goal of a ZIP bomb is often to disrupt or disable the target system rather than to cause direct harm to data. As a result, they are sometimes used as a form of denial-of-service attack.
To protect against ZIP bombs and similar threats, many software applications and systems implement security measures to detect and prevent the decompression of files that exhibit characteristics typical of such malicious archives. Users are advised to exercise caution when handling compressed files from untrusted sources to avoid falling victim to ZIP bombs or other malicious activities.
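Before disabling the check for an archive that triggers the "overlapped components" error, the archive can be inspected without extracting it. The following is an added example, not part of the original post and not unzip's own detection code: a Python script that reads the central directory, reports members whose stored byte ranges overlap, and computes the declared expansion ratio. The function names and the two sample archives are constructed for illustration.

```python
import io
import struct
import zipfile

def inspect_zip(fh):
    """Report overlapping members and the expansion ratio of a ZIP file object."""
    with zipfile.ZipFile(fh) as zf:      # parses the central directory only
        infos = zf.infolist()
    spans = []
    for info in infos:
        # Local header: name/extra lengths live at bytes 26-29, data follows.
        fh.seek(info.header_offset + 26)
        name_len, extra_len = struct.unpack("<HH", fh.read(4))
        end = info.header_offset + 30 + name_len + extra_len + info.compress_size
        spans.append((info.header_offset, end, info.filename))
    spans.sort()
    # Sorted by start offset, any overlap implies an overlapping neighbour pair.
    overlaps = [(a[2], b[2]) for a, b in zip(spans, spans[1:]) if b[0] < a[1]]
    packed = sum(i.compress_size for i in infos)
    unpacked = sum(i.file_size for i in infos)
    return {"overlaps": overlaps, "unpacked_bytes": unpacked,
            "ratio": unpacked / max(packed, 1)}

def build_sample(overlap):
    """Constructed sample: two members; optionally point member 2 at member 1's data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"A" * 100_000)
        zf.writestr("b.txt", b"B" * 100_000)
    raw = bytearray(buf.getvalue())
    if overlap:
        last_cd = raw.rfind(b"PK\x01\x02")   # last central directory entry
        raw[last_cd + 42:last_cd + 46] = struct.pack("<L", 0)  # local header offset
    return io.BytesIO(bytes(raw))

if __name__ == "__main__":
    for label, sample in (("clean", build_sample(False)),
                          ("overlapped", build_sample(True))):
        print(label, inspect_zip(sample))
```

For a real archive, pass a file opened in binary mode to inspect_zip. An empty overlaps list together with a plausible ratio suggests the unzip error is a false positive for that file; a non-empty list means several members share the same stored data.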